Christian Toffolo

1 exploit Active since Feb 2012
CVE-2011-4614 EXPLOITDB text WRITEUP
TYPO3 4.5.x-4.5.9 4.6.x-4.6.2 4.7 - Remote Code Execution via BACK_PATH Parameter
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.